Disable Legacy Authentication

A fresh deployment of Office 365 comes with Exchange Online hosted mailboxes. One of the first actions I take in any environment, no matter how big or small, is to where possible disable legacy authentication protocols in Exchange Online, such as POP, IMAP. This isnt always possible, but there should be very good business justification for keep these protocols enabled on a mailbox. One of the biggest risks of having these protocols enabled is the ability for a malicious user to bypass MFA security. This is because older clients dont support modern authentication and therefore will just accept the username and password.

To disable these protocols for all mailboxes, use the following script

If you need to re-enable this for any users that should be excluded then, run this script afterwards

Leave a Reply

Your email address will not be published. Required fields are marked *